search

stechstudio / laravel-env-security

Securely manage Laravel .env files for different deployment environments
MIT License
75 stars 9 forks source link

Feature: decrypt/encrypt —all #6

Closed mskenderian-wps closed 5 years ago

mskenderian-wps commented 5 years ago

If I need to rotate keys. I have to edit them one by one.

‘artisan env:decrypt —all’ Will decrypt all files and name them .env.environment

Encrypt will do the reverse.

Decrypt —all can be dangerous... Also display warning to add the newly created files to .gitignore.

jszobody commented 5 years ago

Hmm, it does sound dangerous. Currently the env:edit command drops you into vi (or whatever EDITOR you have configured) specifically so that the decrypted contents never reside plaintext on disk. The goal has been to only ever have the current environment decrypted on disk.

Plus I'm not sure I see the benefit. After decrypting all you still have to then edit each file one by one, and then re-encrypt all.

Not sure if I want to add this in the package itself.

mskenderian-wps commented 5 years ago

It was for the sake of rotating keys.. Decrypt. Change AWS env values to new key. Encypt.

On Tue, Jul 30, 2019 at 1:55 PM Joseph Szobody notifications@github.com wrote:

Hmm, it does sound dangerous. Currently the env:edit command drops you into vi (or whatever EDITOR you have configured) specifically so that the decrypted contents never reside plaintext on disk. The goal has been to only ever have the current environment decrypted on disk.

Plus I'm not sure I see the benefit. After decrypting all you still have to then edit each file one by one, and then re-encrypt all.

Not sure if I want to add this in the package itself.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/stechstudio/laravel-env-security/issues/6?email_source=notifications&email_token=AHDL3ISXWSIHBLXVHTHDPZTQCCTCLA5CNFSM4IHZ2SC2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD3FJCYY#issuecomment-516591971, or mute the thread https://github.com/notifications/unsubscribe-auth/AHDL3IRCIJXFHRXFYYTWUNDQCCTCLANCNFSM4IHZ2SCQ .

-- -Michael Skenderian

jszobody commented 5 years ago

It would be great to have a simpler process for key rotation, for sure.

Perhaps something like php artisan env:rotate KEY_NAME where it then prompts for the old and new value, and then goes through each env file and updates? That could be quite useful, and would still avoid decrypting all files and leaving them plaintext on disk.

I'll write up a separate issue for that, and would welcome feedback. I don't have a lot of time to work on that right now but would happily look at a PR if you wanted to. Going to close this one though.

mskenderian-wps commented 5 years ago

yes i like that idea.

On Wed, Jul 31, 2019 at 8:18 AM Joseph Szobody notifications@github.com wrote:

Closed #6 https://github.com/stechstudio/laravel-env-security/issues/6.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/stechstudio/laravel-env-security/issues/6?email_source=notifications&email_token=AHDL3IWMT4SB3EYWPALGKXTQCGULXA5CNFSM4IHZ2SC2YY3PNVWWK3TUL52HS4DFWZEXG43VMVCXMZLOORHG65DJMZUWGYLUNFXW5KTDN5WW2ZLOORPWSZGOSZVRIKY#event-2523599915, or mute the thread https://github.com/notifications/unsubscribe-auth/AHDL3IWHAXIEI7A2NOJ5OPTQCGULXANCNFSM4IHZ2SCQ .

-- -Michael Skenderian